[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

pf.conf question

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: pf.conf question
From: Sam Vaughan <yamaneko_(_at_)_centurytel_(_dot_)_net>
Date: Fri, 15 Feb 2002 02:05:31 -0500

Greetings.

I have a small question about one of the examples in the pf.conf man page.

From the EXAMPLE section:

 # block and log everything by default
     block             out log on $ext_if           all
     block             in  log on $ext_if           all
     block return-rst  out log on $ext_if proto tcp all
     block return-rst  in  log on $ext_if proto tcp all
     block return-icmp out log on $ext_if proto udp all
     block return-icmp in  log on $ext_if proto udp all

I just want to make sure I am understanding the above correctly.

The first two rules block everything. So why are the next 4 needed? My assumption is that they are helpful in reading the pflog log output. (IE you know that it was rule 5 that got blocked) What are the advantages of logging separately the return-rst and return-icmp?

Follow-Ups:
- Re: pf.conf question
  - From: Henning Brauer

References:
- PF Question about return-icmp packets ... (Asheron's Call)
  - From: oliver.haeuser

Prev by Date: PF Question about return-icmp packets ... (Asheron's Call)
Next by Date: Re: pf.conf question
Previous by thread: PF Question about return-icmp packets ... (Asheron's Call)
Next by thread: Re: pf.conf question
Index(es):
- Date
- Thread

Visit your host, monkey.org